37.873 [801727] info: rules: meta test OBFU_UNSUB_UL has
dependency 'MAILING_LIST_MULTI' with a zero score
Feb 18 21:10:37.882 [801727] info: rules: meta test
HAS_X_OUTGOING_SPAM_STAT has dependency 'MAILING_LIST_MULTI' with a zero
score
Feb 18 21:10:37.937 [801727] dbg:
Hello,
try to increase dcc_timeout.
# this works for me
use_dcc 1
dcc_home /var/dcc
dcc_path /usr/local/bin/dccproc
dcc_timeout 16
add_header all DCC _DCCB_:_DCCR_
Martin
Hello,
I'm hoping someone can help troubleshooting using DCC in SpamAssassin.
My setup isn't populating the
On Tue, 2023-12-05 at 23:25 -0800, Kenneth Porter wrote:
> On 12/5/2023 10:57 PM, Benny Pedersen wrote:
> > mimedefang does not use spamd, you only need either spamassassin
> > only
> > with spamd or mimedefang with spamassassin not running spamd
>
> It's a small server so I can afford to run SA
d it to
your private ruleset and be sure to update it if his headers or address
should change in future.
Martin
or grep to search it) though a proper
database such as PostgreSQL or MariaDB would be faster if the sent
address list is large, but he needs to know some fairly basic SQL to
add addresses to it and to do the lookups.
Martin
is well
organised and concise. I've also found "Debian Reference"
http://www.debian.org/doc/manuals/debian-reference/
useful for most flavours of Linux (I use Fedora and Raspbian)
Martin
by running
env | less
from a command line under the appropriate user and making sure that all
the environment variables you expect to see defined are, and have the
values you expect.
Martin
was
tested long ago, so not currently testing, but not yet using SA 4
either.
Martin
a simple program to create a syntactically
correct SA rule from the list. That is easily done with Perl or (better)
an awk script.
Martin
dresses from outbound mail to the database and discard the
messages as they're processed.
That said, I use this mechanism to populate a mail archive and a view to
select the addresses I've sent mail to from the archive.
This approach runs adequately fast and requires minimal maintenance
apart from a weekly backup.
HTH, Martin
've got Wireshark installed:
Fire it up and tell it to watch for DNS and/or blacklist lookup traffic
on the appropriate ports.
Then feed known spam to SA. Wireshark will show you if spam is causing
external lookup requests to be generated, where they are being sent, and
what replies are being received
Martin
e to any of these column names will be rejected
unless it is qualified by referring to it as
table_name.column_name
Without specifying the fully qualified name, e.g public.awl.email, the
database engine can't know which table contains the column that the
script it's executing is meant to use.
Martin
ation about it. If Postgres was installed from a standard package,
the psql interactive program (and its manpage) should also have been
installed.
Martin
ly no false mail rejections.
Martin
On Tue, 2022-08-23 at 12:11 +0200, Vincent Lefevre wrote:
> On 2022-08-18 19:40:33 +0100, Martin Gregorie wrote:
> > - if the reverse lookup fails, or the domain it retrieved does not
> > match the one in the From address, send a bare 550 REJECT because
> > the failed
>
m and similar
dross rather than simply tossing it in the wastebasket and it does at
least suggest a way of not telling a spammer why you rejected his junk.
Martin
On Sun, 2022-08-14 at 11:39 +1000, Noel Butler wrote:
> On 14/08/2022 02:38, Martin Gregorie wrote:
>
> > 3) It would be rather trivial to return spam to sender with a
> > suitable
>
> WTF, that has been a terrible idea since the 90s, given most spam is
> spoofed, the
know they had a problem. Didn't bounce, so they must
have got it.
Did they do anything? Apparently not. I still get their spam, but at
least my system bins it automatically.
Martin
d that it's not worth my time to write such
a discriminator and maintain yet another set of rules about what gets
quarantined and what gets returned: better to quarantine it so
it can be analysed with the mk 1 eyeball.
Martin
peration. It's been running with essentially no changes for over ten
years now.
Martin
Thanks for sharing, Pedro. Useful information. Unrar updated asap. ;-)
Martin
sorry for the semi off-topic, but worth sharing...
important unrar bug...
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
Regards,
Pedro.
verts the subrule result. At least, that's what
I'd try as a starting point.
Martin
f course you may need to extend that list to include some extras, such
as headers injected by SA itself, as well as DMARC, DKIM, SPF etc.
Martin
live by ftping the .cf file
containing it to the live machine's repository and restarting the live
SA daemon to pick up the new rule(s). Last, but not least, all my
private rules are put under version control in a git repository.
HTH
Martin
f, they pass both lint and functional checks, my local rule set is
uploaded to my live SA installation. These various operations are
carried out by bash scripts. Additionally, I have a script that can
run my local rule set against my entire library of test messages.
Martin
On Mon, 2022-04-04 at 01:45 +0200, Matija Nalis wrote:
> On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote:
> > For instance, I whitelist any email sender who I've previously sent
> > mail
> > to. To do this I maintain an email archive held in a PostgreSQL
hecked: if I've sent mail to them they get whitelisted.
> Then you can use similar principle to look for any other things you
> want to accomplish in the future, simply by looking how others have
> used it. That's why I provided it that way instead of simple
> copy/pasting the
> final result.
>
Good advice.
Martin
it recognises which messages are
contentless, or what you expect it to do with one, nobody on this list
can say what, if anything, is wrong with your mail system.
Martin
want, but did write one that searches a
PostgreSQL database and whitelists e-mail from anybody that I've
previously sent mail to.
Get a copy of the 'Camel' book if you don't have one ("Programming Perl"
by Wall, Christiansen & Orwant, pub: O'Reilly).
The requirements for writing plugins are on the SA website.
Martin
e of spam no matter where it
comes from, i.e. pron, "girls looking for men", banking scams, etc.
Martin
> joe a.
>
day's part of the mail log, adds any
new addresses to the sorted list
- 'c' and 'd' could be combined as a single Perl plugin.
Martin
blacklists to constructing complex rules that do things like recognising
toxic attachment types or sets of phrases that, if found in several
headers and/or body text that together identify specific spam types and
score the message accordingly.
You can find the 'portmanteau' tool here:
https://www.libelle-systems.com/free/portmanteau/portmanteau.tgz
Martin
'?
For that matter how many know about 'apropos'? And, even if they do,
they may not discover 'locate' because 'apropos search' doesn't find
either 'updatedb' or 'locate'. You have to enter 'apropos find' to
discover that 'locate' exists, and even then you could get side tracked
into trying to use the much more complex 'find' utility.
Martin
t using
base64 encoding will hide those bad URLs from SA, which is quite true.
However their tiny minds don't see that using base64 encoding on a
usascii attachment is a fairly reliable spam indicator all by itself.
Martin
, so use
'locate' and, if it doesn't find 'txrep', run 'sudo updatedb' and try
again.
Not trying to teach you to suck eggs, but, incredible as it may sound,
there are still some people who don't know about the 'locate' command.
Martin
>
On Mon, 2021-11-08 at 18:27 +, Rupert Gallagher wrote:
> Spammers are using gmail.com. Congratulations to Google for their fine
> work...
>
The more 'enterprising' ones are apparently sex come-ons, but contain
links to known-malicious URL shorteners.
Martin
ious (i.e. executable) file types. Fortunately, a
more complex rule, built from a set of subrules, that I wrote years ago
to trap mail with this sort of attachment is catching them now.
Martin
On Wed, 2021-10-20 at 11:50 -0500, Jerry Malcolm wrote:
> is working as it should. I'm pretty confident I've got the basic SA
> function working. But along with the bayes issue from a couple of posts
> back, I can't seem to make the KAM.cf file get involved. In previous
> installations, I would
connect to,
i.e. is it on localhost or somewhere else??
- what port is spamd listening on?
I run spamc and spamd on the same machine (i.e. spamd is on localhost)
and default the spamc arguments that describe how it connects to spamd,
so presumably you're doing something different.
Martin
erl, but this book, together with an example SA
plugin, were enough to let me write an SA plugin for doing lookups on a
PostgreSQL database containing my mail archive (I use this plugin to
whitelist mail from anywhere I've previously sent mail to).
Martin
and I added a report to logwatch that lists new spam, so I know it's
arrived and can be retrieved from quarantine if I decide I should
see it.
I've listed these steps and associated conditions in case any are useful
to you. This has all been up and running since 2007, so it's tolerably
well tested.
Martin
ake - a useless URL that deserves to be listed.
Martin
Yea, it was more meant as a "we don't use postfix specifically". My
fallback idea was also to do the filtering on the MTA we do use, instead
of in SpamAssassin.
That was just bad phrasing on my part. Sorry about that :)
On 23/07/2021 16.51, jahli...@gmx.ch wrote:
Martin,
g entirely from messages found in the incoming mail
stream?
- what about the outbound mail stream?
- does it use mail archives or spam collections to test the rules it
generates
Martin
2 Jul 2021 20:09:19 +0300
Henrik K wrote:
On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
Is there a limitation to SpamAssassin so it doesn't accept
looking for the two X-Spam-headers, or can you spot why this
rule isn't matching?
Currently I'm testing it on:
SpamAssassin version 3.4.6
running on Perl version 5.32.1
on a machine running Manjaro.
--
Martin Flygenring (maf)
Systems Engineer, One.com
f you write a lot of Perl code. Disclosure:
I write mostly C and Java with a little bash and awk on the side, so
value having a comprehensive book like the Camel to hand if I need it.
BTW, the online regex development page URLs I gave were working as
expected at the time I wrote that note.
Martin
ns.info/ is also useful.
It's worth knowing about these too:
https://www.regexplanet.com/advanced/java/index.html
https://regex101.com/
They are both pages for testing regexes: both let you type in a regex
plus test strings to check whether the regex does what you expect - or
not!
Martin
t would be interesting to know how similar the output of other
browser/MUA combos is to what Brave+Evolution generates. I would not be
surprised if the e-mail content has a close dependence on what MUA is
used and how its composer preferences are set - and possibly which
browser is being used as well.
Martin
> Thanks for that: added it to a private rule I use to test for
> potentially dodgy extension types.
Martin
ther well. Before you ask, my daily
logwatch reports monitor the performance of local SA rules: I wrote
report modules to do that. Seems to me there's little point in writing,
testing and tuning local rule sets if you can't easily see how well
they're working.
Martin
content will only be loaded and displayed if the sender is in
your contacts list
- It prompts you about sending HTML text to contacts who don't want it.
Evolution was developed as part of the Linux Gnome Desktop toolset, but
rapidly spread to other Linux desktops (I use XFCE) and is also a free
download for Windows.
Martin
(most?) companies use different
subdomains for advertising messages than they use for order
confirmations etc. This makes blacklisting the advertising 'From'
addresses very simple to do and is a manual process.
Martin
re:
https://www.libelle-systems.com/free/portmanteau/portmanteau.tgz
Martin
PS: I realise many list regulars have seen all this stuff before, but
there are a number of new arrivals who won't have seen it and may find
it useful and/or get new ideas from it.
t can be used in a more spam-
specific meta rule.
Martin
uld trick SpamAssassin into
> > recognising them as internal.
>
Have you set the 'internal_networks' configuration parameter (in
local.cf)? If not, try that first.
Martin
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255356
>
> Is it a mistake? A bug in SA? Or can something be done to fix this?
>
There's no SPF record for bugs.freebsd.org though there is for
freebsd.org
But don't just take my word for it: check it yourself with
https://www.kitterman.com/spf/validate.html
Martin
es
using the live mail stream. This way your rules will be better written
and tested and you'll cause fewer false positives in your live mail
stream.
Martin
this approach doesn't need any modifications to your existing SA
configuration
I hope this gives you some useful ideas.
Martin
.
Bottom line: always use dnf or yum to install, erase, or update rpm
packages held in a Redhat or third party repository. Only use rpm itself
to install freestanding rpm archives which are not distributed as part
of an rpm repository.
Martin
entire email into PasteBin or similar free repository
and post a link to it here - this way your message to the SA mailing
list can't be incorrectly recognised as spam.
Martin
Showing us the SA headers and hits would be a good idea: without them we
don't know why SA rejected the mail.
I notice that the domain in the Message-ID is fictitious; it may not be
significant, but I usually think this is suspicious.
Martin
On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote:
>
e last
time mail was sent to them and remove any addresses that haven't been
sent mail for 'x' days/weeks/months/years but I've never needed that
ability.
Martin
On Sun, 2020-10-25 at 12:08 -0600, Bob Proulx wrote:
> Martin Gregorie wrote:
> > I use this to send a copy of all outbound mail to a local mailbox.
> > Then periodically a cronjob scans and erases the mailbox content,
> > adding the To: address(es) to a list of corres
rom the correspondent list
because spamming addresses can creep onto the list, but it's very
infrequently needed.
Martin
apart from an SA module, I've written my
special mail handlers in C and Java rather than Perl. All these
languages have built-in or library routines for reading mail and
interrogating servers.
Martin
>
> -Original Message-
> From: @lbutlr [mailto:krem...@kreme.com]
> S
On Tue, 2020-10-20 at 22:49 +0100, RW wrote:
> On Tue, 20 Oct 2020 21:34:08 +0100
> Martin Gregorie wrote:
>
> , not exactly what you're asking for, but e-mails where the From:
> > domain doesn't match the domain in Message-ID: are very often spam
> > and
>
On Tue, 2020-10-20 at 21:34 +0100, Martin Gregorie wrote:
> On Tue, 2020-10-20 at 19:29 +0100, Miki wrote:
> > Hi, how to score this e-mails?
> > I know I can give negative score if To: IS my domain, but I do not
> > like this solution.
> > Any suggestions?
> >
le that gives a positive score to any mail whose To: or
BCC: headers contain your email address(es).
Also, not exactly what you're asking for, but e-mails where the From:
domain doesn't match the domain in Message-ID: are very often spam and
so could be worth a point or two.
Martin
marise what's in
quarantine each night, a PHP script to let me use a web browser to inspect
quarantined spam and a shell script, run as a cron job, to delete
quarantined messages after 7 days.
Martin
urther tweaks as the rules are tested
* trying to explain that this type of rule cannot and will only work
reliably if it's written against a single spamming domain.
Martin
ke the spam you're getting, but if
I did, that's the type of rule I'd be writing to trap the garbage.
Martin
xecute
an SA plugin without running it as an external Perl process. To do
that you'd also need to provide some way of passing input data to it
and of receiving the reply.
They also say that running a heap of regexes in Rspamd will slow it down
noticeably.
Martin
On Thu, 2020-07-23 at 09:36 +0700, Olivier wrote:
> I am wondering what grey list should be renamed...
Ageist!
;-)
Martin
s a plot to maintain both old and
new-style rule names for a while, but I predict that there will be much
wailing and gnashing of teeth from those who are not on this list when
either some name change is missed or further down the line the old names
vanish and all those who never update software g
l the so-called hard right here would appear to align more with
the Democrats in the USA, so to me a recent comment describing Obama as
a hard-left radical seems ridiculous: he's no more a leftie than former
UK Prime Ministers Tony Blair (Labour), David Cameron (Conservative) or
Jacinda Ardern (NZ Prime Minister) are.
Martin
eteness: one of my private
rules uses URIBL_BLACK as a subrule. I have no other potential conflicts
with SA rule name changes and no postprocessing that's dependent on SA
rule names.
Martin
On Sun, 2020-07-19 at 20:27 -0400, Kevin A. McGrail wrote:
> On 7/19/2020 8:23 PM, Martin Gregorie wrote:
> > The only way I can see to prevent the name changes from affecting SA
> > users private rules is to duplicate the affected rules
>
> Yeah, I just posted this idea on
ules compare subrule score values then the private
rules may fail completely unless rewritten.
Martin
HITELIST and BLACKLIST without
finding any that none are affected by those changes.
Then I also grepped them for WHITE and BLACK and this time I saw that
two of my local rules reference the standard URIBL_BLACK rule. Is this
name likely to change?
Martin
However, a note there may well
propagate to future SA versions because of typical developer version
forking.
Anyway, I hope these comments are useful.
Martin
warding DNS who sent
this list an e-mail saying that RBL service has been cut off until cash
is sent is now officially extinct as a subspecies, never to be heard
from again.
Martin
an ancestry (William of 1066 fame was of
mixed Norse-French ancestry) was referring to 'black sin' rather than
black skins before said 'natural philosophers', Linnaeus, etc. chose to
apply it to black-skinned people with a racial meaning.
Thanks for that confirmation.
Martin
O'Reilly 'locust' book "DNS and Bind".
I haven't used unbound so have no idea how easy it would be to set up to
support just non-forwarded queries.
Martin
On Tue, 2020-07-14 at 22:59 +0200, Antony Stone wrote:
> On Tuesday 14 July 2020 at 21:46:11, Martin Gregorie wrote:
>
> > This info should include lots of black (hashmarks, asterisks etc).
>
> You should be careful of the language you use these days, especially
> on this
>
nt free use of the default RBLs then
INSTALL YOUR OWN NON-FORWARDING DNS.
Martin
> Regards,
> KAM
> --
> Kevin A. McGrail
> Member, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>
>
> On Tue,
e for late payment and
failing to get his meter read. Similarly, I don't remember the All
Blacks, national rugby team, ever not having Maoris in it.
Martin
en slightly. It's a pity George Orwell isn't around now.
> One does not concede ground to radicals one punishes them because
> they are intent on destroying anything civilized.
>
I don't think you have the faintest idea of what a radical is.
Martin
have been Charles II of England, in 1660,
when he constructed a 'black list' of people he intended to punish for
killing his father, Charles I so any connection with skin colour seems
to be entirely irrelevant since in that era it would be referring to the
black souls of the regicides.
Martin
On Fri, 2020-07-10 at 12:07 +, Pedro David Marco wrote:
> OK... who starts??? :-)
> once Finished we can rewrite "El Quixote" as well...
>
That's already been sort of redefined: see https://xkcd.com/556/
Martin
son with extensive understanding of a body
of knowledge, e.g. master (of a sailing ship), master craftsman, or a
qualification: MSc, MA, etc.
Martin
On Tue, 2020-07-07 at 22:07 +, Pedro David Marco wrote:
> Thanks Martin, but the meta may be positive if one URL triggers
> SUBRULE1 and another different URL triggers SUBRULE2...
> how can you be sure both SUBRULES are positive in the "same" URL?
>
I didn't sp
uri __SUBRULE1 /(URL alternateslist1)/
uri __SUBRULE2 /(URL alternateslist2)/
meta MYMETARULE (__SUBRULE1 && __SUBRULE2)
score MYMETARULE 6.0
...or something like that
Martin
lists are
well-chosen from words and phrases from spam you've received, it will
also hit on sales spam using combinations you've not previously seen
while being surprisingly good at not giving FPs on business or personal
letters.
The only disadvantage is that the subrules get a bit unwieldy and hard
to edit once their definitions get much longer than 80 characters. That
aside, they're easy to understand and maintain.
Martin
This works for my low volume mail stream: there's no reason why higher
volume sites shouldn't use a full-monty MTA to feed the incoming stream
through SA and a spam discriminator before passing the clean stream to a
second MTA for delivery.
Martin
ly to be valid:
Score 5+ if:
- body or subject mention amazon prime
and
- sender and/or Message-ID do not contain a valid Amazon host name.
Remember to keep 2-3 example messages for testing your new rule before
adding it to your live system.
Martin
On Sat, 2020-06-13 at 15:25 +0100, RW wrote:
> On Sat, 13 Jun 2020 03:10:52 +0100
> Martin Gregorie wrote:
>
> > You can easily update the rbldnsd zone data (just write/update the
> > > data file, no need to restart spamd) and could create a custom
> > > scorin
anything
to update the database content.
Martin
>
>
>
> --
> Dave Funk University of Iowa
> College of Engineering
> 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S
> Capitol St.
> Sys_admin/Postmaster/cell_admin
points to gmail users you
don't want mail from.
Martin
m folder,
while an arrangement like mine (filter immediately after SA) puts all
spam in a common holding area.
HTH
Martin